5 facts about the health data black market

Hackers won't be targeting credit card numbers as much as healthcare data in 2015, according to a forecast report from Experian. But what happens to a patient's health data after it has been stolen?

Between 2005 and 2014, 677,749,785 people's records were stolen, and nearly half of reported identity thefts in 2014 were of medical records, according to the Identity Theft Resource Center. Those records are worth a lot of money to some and are auctioned off in remote corners of the Internet.

Here are five things to know about the medical record black market:

1. The websites are not searchable from Google. Aarti Shahani of NPR conducted an impromptu investigation and found many of the websites where electronic health data is being sold come from Somalia and Russia. These websites are not easily trackable from the ordinary Internet; they can often only be accessed through a more secure software such as Tor.


2. The prices vary. The ones Ms. Shahani found were being sold in packs of 10 for approximately $4,700, according to NPR. However, some are sold for as little as a few dollars, according to KrebsOnSecurity, a blog reporting on computer security. However, they are more expensive than credit card numbers, which can often be had for a few cents, according to NPR.


3. The black markets are becoming more sophisticated. Many of them are structured in tiers and require vetting by the seller before a potential buyer can access them, according to a 2014 study by the RAND Corporation. One expert RAND consultant estimated 10 to 20 percent of the market operated in these highly vetted tiers, and only a quarter can be considered highly skilled. On top of that, many of the medical records being sold are either bundled together or stripped apart, making them more difficult to track.


4. The primary language is not English. While much of the phishing and scamming is done in English because the largest number of victims speak that language, there are reports of language-specific forums in Mandarin, German, Vietnamese and others, according to RAND. The Anthem hack and several other major health system hacks have been attributed to hackers in China.


5. The market is growing for stolen medical records. As the U.S. and Europe move their medical systems to the digital space, protected health information becomes more available to skilled hackers. Although RAND's report estimates that the price for medical records is staying relatively stable, it also says there are more strategic attacks, and more medical records are increasing in value if not in price. The markets are also flooded with credit card numbers, so there will likely be a shift to other digital assets.

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months